Opened 5 years ago

Closed 4 years ago

Last modified 4 years ago

#3841 closed defect (fixed)

Theora samples can crash VLC

Reported by: VLC_help
Owned by: jb
Priority: high
Milestone: 2.0.0 bugs
Component: Build system: Contribs
Version: master git
Severity: major
Keywords:
Cc: thomas@…, ale5000@…, nykevin.norris@…
Difficulty: unknown
Platform(s): Windows
Work status: Not started

Description

As noticed in: http://forum.videolan.org/viewtopic.php?f=14&t=78720

There are certain Theora+Vorbis in OGG files that crash VLC 1.1.0 when opened. Tested under Win32.

Sample file (Trailer_Short.ogv): http://www.file-upload.net/download-2638560/Trailer_Short.ogv.html

Change History (23)

comment:1 Changed 5 years ago by courmisch

  • Component changed from I don't know to Demuxers
  • Owner changed from courmisch to fenrir

comment:2 Changed 5 years ago by jb

Doesn't seem to crash on Linux

comment:3 Changed 5 years ago by jb

  • Component changed from Demuxers to Contribs
  • Owner changed from fenrir to jb
  • Status changed from new to assigned

comment:4 Changed 5 years ago by jb

This crashes on the video track. Culprit is theora.

comment:5 Changed 5 years ago by jb

Theora 1.1.0 does the same... Weird

comment:6 Changed 5 years ago by VLC_help

comment:7 Changed 5 years ago by Mampir

I can confirm this problem exists in versions 1.1.0, 1.1.1, 1.1.2, 1.1.3 and 1.1.4 on Windows 7 (32bit). Version 1.0.5 on Windows 7 (32bit) doesn't have this problem.

Version 1.1.0 on GNU/Linux doesn't have this problem - probably the bug is Windows related only.

From the OGV-videos I've tested, the three that crashed are all 1280x720 in resolution. One of them doesn't have audio channels (or any other channels). The same video in lower resolution doesn't crash VLC.

comment:8 Changed 5 years ago by AndersOhrt

Here are more links to OGG files that crash VLC: Free Electrons. In particular, I'm trying to view this video: Greg KH on Android

comment:9 Changed 5 years ago by AlicanC

Still happening with the new 1.1.4 version so it didn't get magically fixed by anything. This is annoying as hell.

comment:10 Changed 5 years ago by Ranzer

  • Cc thomas@… added
  • Platform(s) changed from all to Win32
  • Priority changed from normal to high
  • Severity changed from normal to major

I have just found that the 720p OGG Theora version of Big Buck Bunny also causes this crash. VLC 1.0.5 plays it fine, but 1.1.0 and above (including 1.1.4) crash as soon as you try to open it. This is using Windows XP Pro SP3.

Given that Big Buck Bunny is displayed on the front page of videolan.org and the description of the OGG Theora version on bigbuckbunny.org reads:

"OGG Theora Video, Vorbis stereo sound - Plays on linux and other systems with VLC."

... this is kind of a bad look. Using the above as an excuse to bump up the priority, also bumping up the severity since it's a complete crash without so much as an error message.

Would be nice to get this fixed; in the meantime I've had to downgrade to 1.0.5.

comment:11 Changed 5 years ago by bugreporter

This still happens with 1.1.6. We can't use VLC to play some videos and 1.0 release is now unsupported. Any plans to fix this?

comment:12 Changed 5 years ago by courmisch

I don't know... Any plans to send a patch?

comment:13 Changed 4 years ago by jb

fast_memcpy+1011 at ../../.././modules/mmxext/../mmx/fastmemcpy.h:251

DecodeBlock+596 at ../../.././modules/codec/theora.c:517

in vlc_memcpy

comment:14 Changed 4 years ago by jb

See #4800

comment:15 Changed 4 years ago by ale5000

  • Cc ale5000@… added

comment:16 Changed 4 years ago by finebling

I'm pretty sure I just encountered this issue. Frozen Synapse created a video for me in *.ogv format of a very nicely played level. Unfortunately, the video crashes after the first couple of frames in VLC Media Player 1.1.11 (Portable Apps version) on Windows 7 Ultimate SP1 (64-bit).

http://www.filedropper.com/frozensynapse-greatcooridorrun

I will be very sad if I can't find a way to play this video.

comment:17 Changed 4 years ago by jb

See #5114

comment:18 Changed 4 years ago by NYKevin

  • Cc nykevin.norris@… added

comment:19 Changed 4 years ago by XP1

VLC 1.1.5 and 1.1.11 crash when I play the video, as a stream, from http://en.wikipedia.org/wiki/File:Win_8_Runing.ogg.

Is this related?

comment:20 Changed 4 years ago by VLC_help

Still happens with VLC 1.2.0 (pre2-20111204-0202)

Backtrace from Win32 builds is as follows:

(gdb) bt
#0  0x64311623 in fast_memcpy (to=0x9afaa00, from=0x5adbff8, len=624)
    at ../mmx/fastmemcpy.h:256
#1  0x60d14f84 in DecodeBlock (p_dec=0x292a4b8, pp_block=0x549fe1c)
    at theora.c:519
#2  0x6168a77d in DecoderDecodeVideo (p_dec=0x292a4b8, p_block=0x0)
    at input/decoder.c:1517
#3  0x6168b849 in DecoderProcess (p_dec=0x292a4b8, p_block=0x6)
    at input/decoder.c:1888
#4  0x6168b949 in DecoderThread (p_data=0x292a4b8) at input/decoder.c:938
#5  0x616f9809 in vlc_entry (p=0x291b2d8) at win32/thread.c:577
#6  0x773d2599 in wcstombs () from /cygdrive/c/Windows/system32/msvcrt.dll
#7  0x773d26b3 in msvcrt!_beginthreadex ()
   from /cygdrive/c/Windows/system32/msvcrt.dll
#8  0x77afd309 in KERNEL32!AcquireSRWLockExclusive ()
   from /cygdrive/c/Windows/system32/kernel32.dll
#9  0x779c16c3 in ntdll!RtlInitializeNtUserPfn ()
   from /cygdrive/c/Windows/system32/ntdll.dll
#10 0x779c1696 in ntdll!RtlInitializeNtUserPfn ()
   from /cygdrive/c/Windows/system32/ntdll.dll
#11 0x00000000 in ?? ()

comment:21 Changed 4 years ago by jb

  • Summary changed from Another Theora+Vorbis in OGG that crashes VLC to Theora samples can crash VLC

comment:22 Changed 4 years ago by theron@…

  • Resolution set to fixed
  • Status changed from assigned to closed

commit 1014cc350fda0e8a1ffd368348a823cd9e84fce0
Author: Theron Lewis <theron@…>
Date: Fri Feb 10 14:52:37 2012 -0800

Use newer theora API and fix crash

Close #3841

This updates the theora module to use the newer API introduced in Theora version 1.0. It solves a crash on Windows that was caused by reading past the end of the YUV structure due to an incorrect line count. This has been fixed by using the minimum line count common to both the source and destination of the pixel data. The new ycbcr structure in the new API makes the picture copy much more straightforward.

Modified-by: Jean-Baptiste Kempf <jb@…>
Signed-off-by: Jean-Baptiste Kempf <jb@…>
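
The fix described in the commit message above, sketched as an added example that is not VLC's or libtheora's code: a per-plane copy that clamps to the line count and row width common to source and destination, so the loop can neither read past the decoder's buffer nor write past the output picture. The `struct plane` type and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical plane descriptor (not VLC's or libtheora's types). */
struct plane {
    uint8_t *data;   /* first byte of row 0 */
    int      stride; /* bytes from one row start to the next */
    int      width;  /* valid bytes in each row */
    int      lines;  /* number of rows actually allocated */
};

static int min_int(int a, int b) { return a < b ? a : b; }

/* Copy only the rows and bytes that both planes really have.
 * Returns the number of rows copied, or -1 on invalid input. */
int copy_plane_clamped(struct plane *dst, const struct plane *src)
{
    if (!dst || !src || !dst->data || !src->data)
        return -1;
    if (src->width < 0 || dst->width < 0 || src->lines < 0 ||
        dst->lines < 0 || src->stride < src->width ||
        dst->stride < dst->width)
        return -1;

    /* Looping over dst->lines alone over-reads src when src is shorter. */
    int    rows  = min_int(src->lines, dst->lines);
    size_t bytes = (size_t)min_int(src->width, dst->width);

    for (int y = 0; y < rows; y++)
        memcpy(dst->data + (size_t)y * dst->stride,
               src->data + (size_t)y * src->stride, bytes);
    return rows;
}

/* Constructed sample: decoder plane has 4 rows, output picture has 6. */
int demo_rows_copied(void)
{
    uint8_t src_buf[4 * 8], dst_buf[6 * 16];
    memset(src_buf, 0xAB, sizeof src_buf);
    memset(dst_buf, 0x00, sizeof dst_buf);
    struct plane src = { src_buf, 8, 8, 4 };
    struct plane dst = { dst_buf, 16, 12, 6 };
    return copy_plane_clamped(&dst, &src);
}
```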

comment:23 Changed 4 years ago by jb

  • Milestone changed from Bugs paradize to 2.0.0 bugs